CN114785565A - Data security exchange system based on network boundary - Google Patents

Data security exchange system based on network boundary Download PDF

Info

Publication number
CN114785565A
CN114785565A CN202210337850.5A CN202210337850A CN114785565A CN 114785565 A CN114785565 A CN 114785565A CN 202210337850 A CN202210337850 A CN 202210337850A CN 114785565 A CN114785565 A CN 114785565A
Authority
CN
China
Prior art keywords
data
transmission
module
abnormal
channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210337850.5A
Other languages
Chinese (zh)
Other versions
CN114785565B (en
Inventor
牛耕
张倚榕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Guoxin Wanglian Technology Co ltd
Original Assignee
Beijing Guoxin Wanglian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Guoxin Wanglian Technology Co ltd filed Critical Beijing Guoxin Wanglian Technology Co ltd
Priority to CN202210337850.5A priority Critical patent/CN114785565B/en
Publication of CN114785565A publication Critical patent/CN114785565A/en
Application granted granted Critical
Publication of CN114785565B publication Critical patent/CN114785565B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to a data security exchange system based on network boundary, which relates to the technical field of data exchange and comprises a data exchange module for data transmission at a data sending end and a data receiving end; the data acquisition module is used for acquiring transmission data of the data transmission channel during data exchange; the safety control module is used for acquiring network data and channel abnormal data in the transmission process when data is transmitted; the virus searching and killing module is used for acquiring abnormal transmission data during data transmission, comparing the abnormal transmission data with virus data stored and/or historically searched and killed by the virus searching and killing module according to the abnormal transmission data, and determining the similarity between the abnormal data and the virus data according to a comparison result; the access control module controls the data transmission process during data exchange; the control precision of the data exchange process is improved, and the safety of the data is further ensured.

Description

Data security exchange system based on network boundary
Technical Field
The invention relates to the technical field of data exchange, in particular to a data security exchange system based on a network boundary.
Background
Data exchange is used as the operation of a user for data transmission through a terminal, great convenience can be brought to the work of the user, and in order to ensure the data transmission efficiency and the data transmission safety, the data exchange process must be strictly controlled during data exchange.
Chinese patent publication No.: CN 104092784B. The data exchange method comprises the steps of setting a data mapping rule according to a data structure relationship between a first application system and a second application system, and acquiring metadata from the first application system and the second application system; according to the data mapping rule and the metadata, a unified data exchange interface is constructed, and data exchange service is established for the data exchange interface; receiving a data exchange request sent by the first application system through the data exchange service, and sending the data exchange request to a corresponding service processing unit according to the content of the data exchange request, wherein the service processing unit performs data structure conversion according to the data structure relationship between the first application system and the second application system to acquire data which the first application system requests to exchange; sending the data to the first application system; therefore, the data exchange method has the following problems that the control of the data exchange process is not accurate, and the data exchange efficiency is not high.
Disclosure of Invention
Therefore, the invention provides a data security exchange system based on a network boundary, which is used for solving the problem of low data exchange efficiency caused by inaccurate control on a data exchange process in the prior art.
In order to achieve the above object, the present invention provides a data security exchange system based on network boundary, which is characterized by comprising:
the data exchange module is used for carrying out data transmission at the data transmitting end and the data receiving end;
the data acquisition module is connected with the data exchange module and is used for acquiring transmission data of the data transmission channel during data exchange;
the safety control module is respectively connected with the data acquisition module and the data exchange module and is used for acquiring network data and channel abnormal data in a transmission process when data transmission is carried out;
the virus searching and killing module is respectively connected with the data acquisition module and the safety control module, and is used for acquiring abnormal transmission data during data transmission, comparing the abnormal transmission data with virus data stored and/or historically searched and killed by the virus searching and killing module according to the abnormal transmission data, and determining the similarity between the abnormal data and the virus data according to a comparison result;
and the access control module is respectively connected with the data acquisition module, the data exchange module, the safety control module and the virus checking and killing module, and is used for controlling the data transmission process during data exchange.
Further, the data exchange module obtains the data amount Ud to be transmitted when transmitting data, and determines the number of transmission channels according to the data amount Ud to be transmitted,
the data exchange module is provided with a first preset data amount to be transmitted Ud1, a second preset data amount to be transmitted Ud2, a third preset data amount to be transmitted Ud3, a first channel number R1, a second channel number R2 and a third channel number R3, wherein Ud1 is more than Ud2 and less than Ud3, R1 is more than R2 and less than R3,
when Ud is not more than Ud1, the data exchange module sets the number of transmission channels to R1;
when the Ud1 is more than the Ud and less than or equal to the Ud2, the data exchange module sets the number of the transmission channels to be R2;
when Ud2 < Ud ≦ Ud2, the data exchange module sets the number of transmission channels to R3.
Further, when the data exchange module performs data transmission, the data acquisition module acquires a real-time transmission rate V and a data volume U of each data transmission channel, calculates a channel utilization rate P of the transmission channel, and sets P ═ U/Uz, where U is a data volume transmitted by the transmission channel in real time and Uz is a maximum data volume transmittable by the transmission channel.
Further, when the data acquisition module determines that the channel utilization rate is completed, the data acquisition module compares the channel utilization rate P with a preset channel utilization rate P0, and determines whether the channel utilization rate reaches the standard according to the comparison result,
if P is less than P0, the data acquisition module judges that the channel utilization rate does not reach the standard;
and if P is larger than or equal to P0, the data acquisition module judges that the channel utilization rate reaches the standard.
Further, when the data acquisition film judges that the channel utilization rate does not meet the standard, the safety control module acquires the network rate W in the transmission process, determines whether channel transmission is abnormal according to the comparison result of the network rate W and the preset network rate W0,
if W is less than or equal to W0, the security control module preliminarily judges that the channel transmission is normal;
if W is larger than W0, the security management and control module judges that the channel transmission is abnormal.
Further, when the safety control module preliminarily determines that channel transmission is normal, whether abnormal data exists or not is obtained, and when the abnormal data exists, a utilization ratio difference Δ P between the channel utilization ratio P and a preset channel utilization ratio PO is calculated, the access control module selects a corresponding adjustment coefficient according to a comparison result of the utilization ratio difference and a preset utilization ratio difference to adjust the transmission rate, the access control module sets the adjusted transmission rate to be V ', and sets V' ═ V × Kvi, wherein Kvi is a transmission rate adjustment coefficient.
Further, when the security management and control module determines that the channel transmission is abnormal, the security management and control module obtains the abnormal data volume E, and determines whether to adjust the network rate according to a comparison result between the abnormal data volume E and a preset abnormal data volume E0,
if E is less than or equal to E0, the security management and control module judges that the network rate is not adjusted;
and if E is larger than E0, the security management and control module judges to adjust the network rate.
Further, when determining to adjust the network rate, the security management and control module calculates a data volume difference Δ E between the abnormal data volume E and a preset abnormal data volume E0, and sets Δ E to E-E0, the access control module selects a corresponding adjustment coefficient according to a comparison result between the data volume difference and the preset data volume difference to adjust the network rate, and sets the adjusted network rate to W ', sets W' to W × Kwj, where Kwj is a network rate adjustment coefficient.
Further, the virus searching and killing module is further configured to, when the security management and control module determines that channel transmission is abnormal, compare the abnormal data with stored and/or historically searched and killed virus data to obtain a similarity S between the abnormal data and the virus data, and compare the similarity with a preset similarity, where the virus searching and killing module is provided with a first preset similarity S and a second preset similarity S2, S1 is less than S2,
when S is less than or equal to S1, the virus checking and killing module judges that the data transmission is free of viruses;
when S1 is larger than S2, the virus searching and killing module judges that the data is transmitted with viruses, corrects the network rate and then searches and kills the viruses;
and when S is more than S2 and less than or equal to S3, the virus searching and killing module judges that the data is transmitted with viruses and carries out virus searching and killing after the data transmission is stopped.
Further, when the virus checking and killing module judges that the network rate is modified, the virus checking and killing module calculates a similarity difference Δ S between the similarity S and a preset similarity, the access control module selects a corresponding modification coefficient according to a comparison result between the similarity difference and the preset similarity difference to modify the network rate, and the access control module sets the modified network rate as W ″, sets W ″ -W' × Xwf, wherein Xwf is a network rate modification coefficient.
Compared with the prior art, the method has the advantages that when data exchange is carried out, the abnormal data and the network data of the transmission channel are collected, the abnormal data and the virus data stored in the safety control module are compared, whether the abnormal data are viruses or not is determined, and when the abnormal data are determined to be viruses, the viruses are searched and killed, so that the safety of the data is guaranteed.
Particularly, the invention acquires the real-time transmission rate and the data volume of the transmission channel, calculates the channel utilization rate during data transmission through the data volume, determines whether the utilization rate of the transmission channel during data transmission reaches the standard or not according to the channel utilization rate, and determines the reason why the utilization rate does not reach the standard when the utilization rate does not reach the standard, thereby improving the control precision of the data exchange process and further improving the efficiency of data exchange.
Particularly, when the abnormal data and the virus data are compared, whether the abnormal data are viruses or not is determined according to the similarity of the abnormal data and the virus data, and the control precision of the data exchange process is further improved, so that the safety of the data is further ensured.
Furthermore, when data exchange is carried out, the data exchange module determines the number of the transmission channels according to the comparison result of the data volume to be transmitted and the plurality of preset data volumes to be transmitted, so that the control precision of the data exchange process is further improved, and the safety of the data is further ensured.
Further, when the channel utilization rate is determined to be not up to the standard, the network rate is obtained, whether the channel transmission is normal or not is determined according to the network rate, and when the channel transmission is abnormal, the transmission rate is adjusted by selecting the transmission rate adjusting coefficient according to the comparison result of the channel utilization rate, the utilization rate difference value of the preset channel utilization rate and the utilization rate difference values of a plurality of preset channels, so that the control precision of the data exchange process is further improved, and the data exchange efficiency is further improved.
Furthermore, when the channel transmission is judged to be abnormal, whether the network speed is adjusted is determined according to the comparison result of the abnormal data volume and the preset abnormal data volume, and when the adjustment is determined, the corresponding adjustment coefficient is selected according to the comparison result of the data volume difference value of the abnormal data volume and the preset abnormal data volume and the plurality of preset data volume difference values to adjust the network speed, so that the control precision of the data exchange process is further improved, and the data exchange efficiency is further improved.
Further, when the channel transmission is judged to be abnormal, whether the data transmission has the virus or not is determined according to the comparison result of the similarity of the determined abnormal data and the virus data and the preset similarity, when the virus exists, the network speed is determined to be adjusted according to the actual similarity, then virus searching and killing is carried out or transmission is stopped, and when the virus exists and the similarity is moderate, the access control module selects the corresponding correction coefficient according to the comparison result of the difference between the similarity and the preset similarity and a plurality of preset differences to correct the network speed, so that the control precision of the data exchange process is further improved, and the efficiency of the data exchange is further improved.
Drawings
Fig. 1 is a logic block diagram of a data security switching system based on network boundary according to the present invention.
Detailed Description
In order that the objects and advantages of the invention will be more clearly understood, the invention is further described below with reference to examples; it should be understood that the specific embodiments described herein are merely illustrative of the invention and do not delimit the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and do not limit the scope of the present invention.
It should be noted that, unless explicitly stated or limited otherwise, the terms "mounted," "connected" and "connected" in the description of the invention are to be construed broadly and may for example be fixedly connected, detachably connected or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Fig. 1 is a logic block diagram of a data security switching system based on network boundaries according to the present invention.
The data security exchange system based on the network boundary of the embodiment of the invention comprises:
the data exchange module is used for carrying out data transmission at the data transmitting end and the data receiving end;
the data acquisition module is connected with the data exchange module and is used for acquiring transmission data of the data transmission channel during data exchange;
the safety control module is respectively connected with the data acquisition module and the data exchange module and is used for acquiring network data and channel abnormal data in a transmission process when data transmission is carried out;
the virus searching and killing module is respectively connected with the data exchange module and the safety control module, and is used for acquiring abnormal transmission data during data transmission, comparing the abnormal transmission data with virus data stored and/or historically searched and killed by the virus searching and killing module according to the abnormal transmission data, and determining the similarity between the abnormal data and the virus data according to a comparison result;
and the access control module is respectively connected with the data acquisition module, the data exchange module, the safety control module and the virus checking and killing module, and is used for controlling the data transmission process during data exchange.
Specifically, the data exchange module obtains the data amount Ud to be transmitted when transmitting data, and determines the number of transmission channels according to the data amount Ud to be transmitted,
the data exchange module is provided with a first preset data volume to be transmitted Ud1, a second preset data volume to be transmitted Ud2, a third preset data volume to be transmitted Ud3, a first channel number R1, a second channel number R2 and a third channel number R3, wherein Ud1 is more than Ud2 and less than Ud3, R1 is more than R2 and less than R3,
when Ud is not more than Ud1, the data exchange module sets the number of the transmission channels as R1;
when Ud1 < Ud ≦ Ud2, the data exchange module sets the number of the transmission channels to R2;
when Ud2 < Ud ≦ Ud2, the data exchange module sets the number of transmission channels to R3.
Specifically, when the data exchange module performs data transmission, the data acquisition module acquires a real-time transmission rate V and a data volume U of each data transmission channel, calculates a channel utilization rate P of the transmission channel, and sets P ═ U/Uz, where U is a data volume transmitted by the transmission channel in real time and Uz is a maximum data volume transmittable by the transmission channel.
Specifically, when the data acquisition module determines that the channel utilization rate is complete, the data acquisition module compares the channel utilization rate P with a preset channel utilization rate P0, and determines whether the channel utilization rate reaches the standard according to the comparison result,
if P is less than P0, the data acquisition module judges that the channel utilization rate does not reach the standard;
and if P is more than or equal to P0, the data acquisition module judges that the channel utilization rate reaches the standard.
Specifically, when the data acquisition film judges that the channel utilization rate does not reach the standard, the safety control module acquires the network rate W in the transmission process, determines whether the channel transmission is abnormal according to the comparison result of the network rate W and the preset network rate W0,
if W is less than or equal to W0, the safety control module preliminarily judges that the channel transmission is normal;
if W is larger than W0, the security management and control module judges that the channel transmission is abnormal.
Specifically, the security control module obtains whether abnormal data exists when the channel transmission is preliminarily determined to be normal, and calculates a utilization difference Δ P between the channel utilization P and a preset channel utilization PO when the abnormal data exists, the access control module selects a corresponding adjustment coefficient to adjust the transmission rate according to a comparison result between the utilization difference and the preset utilization difference,
wherein the access control module is provided with a first preset utilization difference value delta P1, a second preset utilization difference value delta P2, a third preset utilization difference value delta P3, a first transmission rate adjustment coefficient Kv1, a second transmission rate adjustment coefficient Kv2 and a third transmission rate adjustment coefficient Kv3, wherein delta P1 is more than delta P2 and less than delta P3, Kv3 is more than 0.5 and less than Kv2 and less than Kv1 and less than 1 are set,
when the delta P is less than or equal to the delta P1, the access control module selects a first transmission rate adjusting coefficient Kv1 to adjust the transmission rate;
when the delta P is more than or equal to delta P1 and less than or equal to delta P2, the access control module selects a second transmission rate adjusting coefficient Kv2 to adjust the transmission rate;
when the delta P is more than or equal to delta P2 and less than or equal to delta P3, the access control module selects a third transmission rate adjusting coefficient Kv3 to adjust the transmission rate;
when the access control module selects the ith transmission rate adjustment coefficient Kvi to adjust the transmission rate, setting i to be 1, 2 and 3, and setting the adjusted transmission rate as V' and setting V to be V × Kvi.
Specifically, when determining that the channel transmission is abnormal, the security management and control module obtains the abnormal data volume E, and determines whether to adjust the network rate according to a comparison result between the abnormal data volume E and a preset abnormal data volume E0,
if E is less than or equal to E0, the safety control module judges that the network speed is not adjusted;
if E is larger than E0, the security management and control module judges that the network speed is adjusted.
Specifically, when the security management and control module determines to adjust the network rate, the security management and control module calculates a data volume difference Δ E between the abnormal data volume E and a preset abnormal data volume E0, sets Δ E to E-E0, and selects a corresponding adjustment coefficient to adjust the network rate according to a comparison result between the data volume difference and a preset data volume difference,
wherein, the access control module is also provided with a first preset data quantity difference value delta E1, a second preset data quantity difference value delta E2, a third preset data quantity difference value delta E3, a first network speed regulating coefficient Kw1, a second network speed regulating coefficient Kw2 and a third network speed regulating coefficient Kw3, wherein, the delta E1 is more than the delta E2 and more than the delta E3, the Kw3 is more than 0.5 and more than the Kw2 and more than the Kw1 and less than 1 are set,
when the delta E is less than or equal to the delta E1, the access control module selects a first network rate adjusting coefficient Kw1 to adjust the network rate;
when the delta E is more than or equal to delta E1 and less than or equal to delta E2, the access control module selects a second network speed adjusting coefficient Kw2 to adjust the network speed;
when the delta E is more than or equal to delta E2 and less than or equal to delta E3, the access control module selects a third network speed adjusting coefficient Kw3 to adjust the network speed;
when the access control module selects the jth network rate adjustment coefficient Kwj to adjust the network rate, setting j to 1, 2, 3, and the access control module sets the adjusted network rate to W', and sets W to W × Kwj.
Specifically, the virus searching and killing module is further configured to, when the security management and control module determines that channel transmission is abnormal, compare the abnormal data with stored and/or historically searched and killed virus data to obtain a similarity S between the abnormal data and the virus data, and compare the similarity with a preset similarity, where the virus searching and killing module is provided with a first preset similarity S and a second preset similarity S2, and S1 is less than S2,
when S is less than or equal to S1, the virus checking and killing module judges that the data transmission is free of viruses;
when S is more than S1 and less than or equal to S2, the virus searching and killing module judges that the data are transmitted by viruses and carries out virus searching and killing after correcting the network rate;
and when S is more than S2 and less than or equal to S3, the virus killing module judges that the data transmission has the virus and stops transmitting the data, and then virus killing is carried out.
Specifically, the virus searching and killing module calculates a similarity difference Δ S between the similarity S and a preset similarity when determining to correct the network rate, the access control module selects a corresponding correction coefficient according to a comparison result between the similarity difference and the preset similarity difference to correct the network rate,
wherein the access control module is provided with a first preset similarity difference value delta S1, a second preset similarity difference value delta S2, a third preset similarity difference value delta S3, a first network rate correction coefficient Xw1, a second network rate correction coefficient Xw2 and a third network rate correction coefficient Xw3, wherein delta S1 is greater than delta S2 and is less than delta S3, 0.5 is greater than Xw1 is greater than Xw2 is less than Xw3 is less than 1,
when the delta S is less than or equal to the delta S1, the access control module selects a first network rate correction coefficient Xw1 to correct the network rate;
when the delta S is more than or equal to delta S1 and less than or equal to delta S2, the access control module selects a second network rate correction coefficient Xw2 to correct the network rate;
when the delta S is more than or equal to delta S2 and less than or equal to delta S3, the access control module selects a third network rate correction coefficient Xw3 to correct the network rate;
when the access control module selects the f-th network rate correction coefficient Xwf to correct the network rate, setting f to be 1, 2, 3, and the access control module sets the corrected network rate to be W ″, setting W to be W × Xwf.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can be within the protection scope of the invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A secure data exchange system based on network boundaries, comprising:
the data exchange module is used for carrying out data transmission at the data transmitting end and the data receiving end;
the data acquisition module is connected with the data exchange module and is used for acquiring transmission data of the data transmission channel during data exchange;
the safety control module is respectively connected with the data acquisition module and the data exchange module and is used for acquiring network data and channel abnormal data in a transmission process when data transmission is carried out;
the virus searching and killing module is respectively connected with the data acquisition module and the safety control module, and is used for acquiring abnormal transmission data during data transmission, comparing the abnormal transmission data with virus data stored and/or historically searched and killed by the virus searching and killing module according to the abnormal transmission data, and determining the similarity between the abnormal data and the virus data according to a comparison result;
and the access control module is respectively connected with the data acquisition module, the data exchange module, the safety control module and the virus checking and killing module, and is used for controlling the data transmission process during data exchange.
2. The network boundary-based data security switching system according to claim 1, wherein the data switching module obtains a data amount Ud to be transmitted when performing data transmission, and determines the number of transmission channels according to the data amount Ud to be transmitted,
the data exchange module is provided with a first preset data volume to be transmitted Ud1, a second preset data volume to be transmitted Ud2, a third preset data volume to be transmitted Ud3, a first channel number R1, a second channel number R2 and a third channel number R3, wherein Ud1 is more than Ud2 and less than Ud3, R1 is more than R2 and less than R3,
when Ud is not more than Ud1, the data exchange module sets the number of the transmission channels as R1;
when Ud1 < Ud ≦ Ud2, the data exchange module sets the number of the transmission channels to R2;
when Ud2 < Ud ≦ Ud2, the data exchange module sets the number of transmission channels to R3.
3. The system according to claim 2, wherein the data collecting module collects real-time transmission rate V and data amount U of each data transmission channel when the data exchange module performs data transmission, and calculates a channel utilization ratio P of the transmission channel, where P is U/Uz, where U is the data amount transmitted by the transmission channel in real time, and Uz is the maximum data amount transmittable by the transmission channel.
4. The system according to claim 3, wherein the data collection module compares the channel utilization P with a predetermined channel utilization P0 when determining that the channel utilization is completed, and determines whether the channel utilization is up to standard according to the comparison result,
if P is less than P0, the data acquisition module judges that the channel utilization rate does not reach the standard;
and if P is larger than or equal to P0, the data acquisition module judges that the channel utilization rate reaches the standard.
5. The system according to claim 4, wherein the security management and control module obtains the network rate W during transmission when the data acquisition film determines that the channel utilization rate does not meet the standard, and determines whether channel transmission is abnormal according to a comparison result between the network rate W and a preset network rate W0,
if W is less than or equal to W0, the safety control module preliminarily judges that the channel transmission is normal;
if W is larger than W0, the safety control module judges that the channel transmission is abnormal.
6. The system according to claim 5, wherein the security management and control module obtains whether there is abnormal data when it is preliminarily determined that channel transmission is normal, and calculates a difference Δ P between the channel utilization rate P and a preset channel utilization rate PO when there is abnormal data, the access control module selects a corresponding adjustment coefficient according to a comparison result between the difference Δ P and the difference Δ P to adjust the transmission rate, and sets the adjusted transmission rate as V ', sets V' ═ V × Kvi, where Kvi is a transmission rate adjustment coefficient.
7. The system according to claim 6, wherein the security management and control module obtains the abnormal data volume E when determining that the channel transmission is abnormal, and determines whether to adjust the network rate according to a comparison result between the abnormal data volume E and a preset abnormal data volume E0,
if E is less than or equal to E0, the security management and control module judges that the network rate is not adjusted;
and if E is larger than E0, the security management and control module judges to adjust the network rate.
8. The system according to claim 7, wherein when determining to adjust the network rate, the security management and control module calculates a data amount difference Δ E between the abnormal data amount E and a preset abnormal data amount E0, and sets Δ E-E0, the access control module selects a corresponding adjustment coefficient according to a comparison result between the data amount difference and a preset data amount difference to adjust the network rate, and sets the adjusted network rate as W ', and sets W' ═ W × Kwj, where Kwj is a network rate adjustment coefficient.
9. The system according to claim 8, wherein the virus searching and killing module is further configured to compare the abnormal data with stored and/or historically searched and killed virus data when the security management and control module determines that the channel transmission is abnormal, obtain a similarity S between the abnormal data and the virus data, and compare the similarity with a preset similarity, wherein the virus searching and killing module is provided with a first preset similarity S and a second preset similarity S2, S1 < S2,
when S is less than or equal to S1, the virus checking and killing module judges that the data transmission is free of viruses;
when S is more than S1 and less than or equal to S2, the virus searching and killing module judges that the data are transmitted by viruses and carries out virus searching and killing after correcting the network rate;
and when S is more than S2 and less than or equal to S3, the virus searching and killing module judges that the data is transmitted with viruses and carries out virus searching and killing after the data transmission is stopped.
10. The system according to claim 9, wherein the virus searching and killing module calculates a similarity difference Δ S between the similarity S and a preset similarity when determining to modify the network rate, the access control module selects a corresponding modification coefficient according to a comparison result between the similarity difference and the preset similarity difference to modify the network rate, and sets the modified network rate as W ″, where W ═ W × Xwf is set by the access control module, and Xwf is a network rate modification coefficient.
CN202210337850.5A 2022-04-01 2022-04-01 Data security exchange system based on network boundary Active CN114785565B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210337850.5A CN114785565B (en) 2022-04-01 2022-04-01 Data security exchange system based on network boundary

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210337850.5A CN114785565B (en) 2022-04-01 2022-04-01 Data security exchange system based on network boundary

Publications (2)

Publication Number Publication Date
CN114785565A true CN114785565A (en) 2022-07-22
CN114785565B CN114785565B (en) 2023-03-28

Family

ID=82427339

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210337850.5A Active CN114785565B (en) 2022-04-01 2022-04-01 Data security exchange system based on network boundary

Country Status (1)

Country Link
CN (1) CN114785565B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115021870A (en) * 2022-08-09 2022-09-06 杭州瀚陆海洋科技有限公司 Wireless data transmission control system based on deep-sea cable-free autonomous robot
CN116346774A (en) * 2023-02-16 2023-06-27 北京有元科技有限公司 Network flow data query system based on DNS (Domain name System) route

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120017279A1 (en) * 2009-10-28 2012-01-19 Shaun Kazuo Wakumoto Method and apparatus for virus throttling with rate limiting
CN104391812A (en) * 2014-12-02 2015-03-04 联想(北京)有限公司 Communication method and first electronic equipment
JP2017076224A (en) * 2015-10-14 2017-04-20 住友電工システムソリューション株式会社 Inspection method of optical receiver
CN107094122A (en) * 2017-05-18 2017-08-25 武汉烽火技术服务有限公司 A kind of method and system of the adjust automatically network bandwidth
CN107707538A (en) * 2017-09-27 2018-02-16 广东欧珀移动通信有限公司 Data transmission method, device, mobile terminal and computer-readable recording medium
CN110795306A (en) * 2019-10-15 2020-02-14 深圳市高德信通信股份有限公司 Network security management and control system based on real-time monitoring
CN112653664A (en) * 2020-11-20 2021-04-13 金航数码科技有限责任公司 High-safety and reliable data exchange system and method between networks
CN113014434A (en) * 2021-03-09 2021-06-22 安徽超清科技股份有限公司 Data acquisition method based on industrial Internet
CN113923721A (en) * 2021-09-17 2022-01-11 中国电子科技集团公司电子科学研究院 Unmanned aerial vehicle multi-load data interaction system and data transmission pipe control method thereof
CN114024769A (en) * 2021-12-07 2022-02-08 中国建设银行股份有限公司 Network flow safety control system

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120017279A1 (en) * 2009-10-28 2012-01-19 Shaun Kazuo Wakumoto Method and apparatus for virus throttling with rate limiting
CN104391812A (en) * 2014-12-02 2015-03-04 联想(北京)有限公司 Communication method and first electronic equipment
JP2017076224A (en) * 2015-10-14 2017-04-20 住友電工システムソリューション株式会社 Inspection method of optical receiver
CN107094122A (en) * 2017-05-18 2017-08-25 武汉烽火技术服务有限公司 A kind of method and system of the adjust automatically network bandwidth
CN107707538A (en) * 2017-09-27 2018-02-16 广东欧珀移动通信有限公司 Data transmission method, device, mobile terminal and computer-readable recording medium
CN110795306A (en) * 2019-10-15 2020-02-14 深圳市高德信通信股份有限公司 Network security management and control system based on real-time monitoring
CN112653664A (en) * 2020-11-20 2021-04-13 金航数码科技有限责任公司 High-safety and reliable data exchange system and method between networks
CN113014434A (en) * 2021-03-09 2021-06-22 安徽超清科技股份有限公司 Data acquisition method based on industrial Internet
CN113923721A (en) * 2021-09-17 2022-01-11 中国电子科技集团公司电子科学研究院 Unmanned aerial vehicle multi-load data interaction system and data transmission pipe control method thereof
CN114024769A (en) * 2021-12-07 2022-02-08 中国建设银行股份有限公司 Network flow safety control system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115021870A (en) * 2022-08-09 2022-09-06 杭州瀚陆海洋科技有限公司 Wireless data transmission control system based on deep-sea cable-free autonomous robot
CN116346774A (en) * 2023-02-16 2023-06-27 北京有元科技有限公司 Network flow data query system based on DNS (Domain name System) route

Also Published As

Publication number Publication date
CN114785565B (en) 2023-03-28

Similar Documents

Publication Publication Date Title
CN114785565B (en) Data security exchange system based on network boundary
CN112152759B (en) Data transmission method, data transmission system, equipment and storage medium
CN2671267Y (en) Consumer apparatus for realizing high-speed dynamic link arrangement
EP2608438B1 (en) Dynamic bandwidth allocation method and device
CN114444739B (en) Digital smart power grid region management system and method
CN109818863B (en) Link priority setting method and device
SE521381C2 (en) Procedure for an access control function for a wireless data network
CN112018409B (en) Fuel cell heat management system and method in fuel cell bus
JPH10327168A (en) Communication method
CN116708134A (en) Point-to-point network transmission system based on flow control
CN109873428A (en) A kind of more method for controlling section power and system towards bulk power grid
CN111817917B (en) Deep packet inspection method, device, server and storage medium
CN117235189A (en) Method for improving IO performance of parallel data warehouse by using distributed virtual storage
CN116031965B (en) Charging method, device, power adapter and storage medium
CN114116237B (en) Hierarchical autonomous remote management method for large-scale network equipment
CN105530302A (en) Method and system for controlling uplink bandwidth
CN114756431A (en) Big data information based monitoring method and device and computer equipment
CN117290329A (en) Method for improving access concurrency performance of MPP data warehouse based on high-availability connection pool
CN114625625B (en) Event time sequence data processing method and system based on user behavior identification
CN113179536B (en) Traffic control method and system based on NB-IoT narrowband communication technology
CN117062158B (en) Router overheat treatment method, router overheat treatment device, server and storage medium
CN113595781B (en) Internet of things communication protocol configuration method and device
CN115758373B (en) Method for unifying nanotubes by multiple cloud servers for cloud management
CN116775382B (en) Main and standby server switching method and system based on ZooKeeper distributed coordination service
EP4250677A1 (en) Network congestion management method and related apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant